nikolas-ch/CVEs

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter

A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.

The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software (such as Adform Site Tracking 1.1).

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted).

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter.